Wireless communication network technologies continue to advance. For example, wireless communication service providers such as mobile phone service providers are deploying and expanding provider networks (e.g., Long Term Evolution (“LTE”) wireless communication networks) that are configured to provide not only voice services, but also data services whereby various computing devices connected to the provider networks (e.g., client devices, application servers, etc.) may exchange data over the provider networks. Thus, along with supporting voice calls between cell phones and/or other telephonic devices, provider networks may also support the exchange of data between various types of client devices (e.g., cell phones, tablet computers, Internet of Things (“IoT”) devices, etc.) and application servers to allow the client devices, for example, to access data services provided by the application servers, to report data to or receive updates from the application servers, and the like.
In many examples, it may be desirable for data communications on a provider network to be secure (e.g., to prevent unwanted dissemination of data, to prevent fraud, etc.). Accordingly, the provider network may provide security for a connection between a client device and one or more network elements (e.g., a firewall, a virtual private network (“VPN”) concentrator, etc.) located within the provider network. Additionally, various security procedures and technologies including, for example, Transport Layer Security (“TLS”), Secure Sockets Layer (“SSL”), HyperText Transfer Protocol Secure (“HTTPS”), Datagram Transport Layer Security (“DTLS”), and Internet Protocol Security (“IPSec”), among others, may be used in situations where end-to-end application layer session security (i.e., security that extends from applications running on the client device all the way to applications running on the application server) may be required.
Unfortunately, security protocols that do not extend end-to-end on an application layer session between a mobile device and an application server may provide insufficient security for many situations (e.g., for fully securing application layer sessions). Moreover, existing end-to-end application layer session security technologies may involve various aspects (e.g., transferring certificates, authenticating certificates by certificate authorities, managing public and private keys, exchanging multiple messages to derive session keys, etc.) that require inordinate amounts of processing and that will not scale sufficiently to keep up with increasing numbers of client devices that are being connected to provider networks. In particular, along with continual increases in the number of subscribers that use provider networks to operate personal mobile devices such as cell phones, provider networks are increasingly being used to host an enormous proliferation of IoT devices that are expected to eventually dwarf the number of client devices currently connected to the provider networks. As such, security technologies that may have been sufficient in the past may increasingly be found lacking as the future unfolds.